Yes, but I was distinguishing identification and authentication, not authentication and authorization. To derive the word "authentification," which doesn't have anything to do with authorization. Amazing discussion we're generating on this non- existent word ;-) On Mon, 29 Apr 2002 Valdis.Kletnieksat_private wrote: > On Mon, 29 Apr 2002 15:35:24 CDT, Tina Bird said: > > > I've certainly had a lot of students get confused about > > the whole issue, and use "authentification" to combine > > both assigning an identifier to a person, and validating > > that a person has the right to use a particular identifier. > > Identifying a specific entity as being itself and not an impostor > is "authentication". Deciding whether said entity is allowed to > perform a requested action is "authorization". The two are quite > distinct, even though many people confuse the two. > > I came up with the following example of the vast difference: > > Authentication: "OK.. you have a picture ID that say you're Jeffrey Dahmer(*)". > > Authorization: "Can I lend you a steak knife, Mr Dahmer?". > > Grisly, but 100% effective in explaining the distinction. (Yes, you can > use it, as long as you attribute it. ;) > -- > Valdis Kletnieks > Computer Systems Senior Engineer > Virginia Tech > > (*) For the non-US list members - Jeffrey Dahmer was a rather nasty > serial killer and cannibal.... >
This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 18:59:13 PDT